Malware definition

Malware is malicious software designed by a cyber criminal to infiltrate a device and disrupt it, or to steal or exploit sensitive information. There are many types of malware, and each involves a different method of exploitation. In most cases, however, the cyber criminal wants to gain access to information that could harm the user, in order to benefit financially through a ransom or identity theft.


How does malware work?

Malware works by exploiting vulnerabilities in computer systems or software to gain unauthorized access and perform malicious actions. Once a system is infected, the malware can spread to other systems and networks, making it harder to detect and remove. Usually, threat actors are attempting to steal sensitive information, install ransomware, or send spam.

Malware can be installed on your systems in several ways, including:

  • Phishing attacks
  • Social engineering
  • Exploiting software vulnerabilities

Types of malware


Malware can take many forms, including viruses, worms, Trojans, ransomware, spyware, adware, and more. These programs can be designed to steal sensitive information, damage or destroy files, or even take control of the infected system. Malware is typically spread through email attachments, software downloads, and infected websites, among other methods.

Viruses: These are programs that can self-replicate and infect other files on a computer or network. Because viruses can spread, it is vital that security teams contain a virus once it is within a system. If not contained, a virus can cause serious damage throughout a system.

Trojans: A Trojan is installed on a system by tricking an individual into downloading malicious software. The software appears legitimate but contains malicious code that can harm or exploit the system. Once a Trojan horse is installed, it can perform a variety of malicious actions, such as stealing sensitive data, logging keystrokes, or giving remote access to the attacker. Trojan horses can be spread through infected email attachments, software downloads, or malicious websites.

Ransomware: This is a type of malware that encrypts valuable files on a victim’s device, denying access to them and demanding money in exchange for restoring it. Ransomware has become increasingly difficult to deal with, especially as most ransom payments are made in cryptocurrency, which is untraceable.

Adware: Software that displays unwanted advertisements or pop-ups on a computer or device. Adware typically overwhelms a system's memory with advertisements, causing the device to slow down or even crash.

Spyware: This is software installed on a device without the user's knowledge. Operating covertly, spyware allows an attacker to monitor the user's activity and collect sensitive information, such as login credentials or financial data.

Botnets: Short for “robot network”, a botnet is a network of computers or other devices that have been infected with malware and placed under the control of an attacker or attacking party, which makes it difficult to pinpoint the originally compromised device. When a system or computer is compromised it becomes a “bot” and is controlled by the “bot-herder” or “bot-master.”

Malvertising: Short for “malicious advertising”, malvertising distributes malware through online advertising. The malicious code is embedded in ads and infects a device when the ad is clicked.

How to prevent malware?

To prevent malware, use antivirus software, keep your operating system and software up to date, avoid clicking suspicious links or downloading files from untrusted sources, and use strong passwords and multi-factor authentication.

Malware can enter your systems in various ways. However, email is the main attack vector for businesses and organizations because of the frequency and volume of communication hosted on email platforms. Security professionals can take several advanced measures to better protect against malware in end users’ inboxes, including:

How to get rid of malware?

If malware is downloaded onto your device you should:

  1. Disconnect from the internet and restart your device.
  2. Scan for and remove any malicious programs with a virus scanner.
  3. Check whether you have anti-malware or other security software on your device. If not, install it.
  4. Make sure all software and applications are up to date.
  5. Contact the manufacturer of your device for additional tech support.

Manually deleting suspicious files and restoring your device to a previous state is also possible, but it is not a foolproof process.

How to check for malware on iPhone?

A top indicator of malware is an iPhone that has been jailbroken without your intent. For more covert cases, check for anything unfamiliar that you wouldn’t normally have on your iPhone: apps, strange messages, or random events in your calendar. Other ways to check for malware are to watch power and data usage. Unusually high usage of both data and energy is a sign of malware.

The App Store contains antivirus applications that allow you to reset your iPhone and remove any malicious materials.

Be careful of Trojans posing as antivirus apps on the App Store; ensure your security software comes from a reputable and verified source.

How to check for malware on a Mac?

You can check for malware on a Mac desktop or laptop by using antivirus software or by running a malware scan with the built-in protection that comes with macOS. You can also manually delete malicious files or reset your Mac to its original factory settings.

You also want to update to the latest macOS version. Updates usually include patches that improve your security posture, so keeping your Mac up to date is very important.

For more information on Apple’s response to malware visit here.

Malware solutions

Darktrace PREVENT allows the security team to identify, prioritize, and test vulnerabilities, reducing risk and hardening defenses both inside the organization and outside on the attack surface – continuously and autonomously.

Darktrace DETECT delivers instant visibility into the most advanced threats like novel malware strains by understanding what’s normal in your organization, to identify what’s not.

Darktrace RESPOND delivers autonomous, always-on action to contain and disarm attacks within seconds. When a threat like malware is detected, RESPOND leverages Darktrace’s understanding of “self” to pinpoint signs of an emerging attack, stopping malicious activity while allowing normal business to continue.

Example: Raccoon Stealer

Raccoon Stealer is a MaaS (Malware-as-a-Service) offering that was first publicized in 2019 and provides a variety of services to its affiliates. It is run by an organized team that grants affiliates access to the info-stealer, an easy-to-use automated backend panel, hosting infrastructure, and 24/7 customer support. This is a form of credential theft, and losing credentials to a cyber criminal can have detrimental effects for an organization or individual.

Raccoon Stealer communicates with a remote server controlled by the attackers, sending the stolen data for storage or sale on the dark web. The malware is designed to avoid detection by security software by using anti-debugging and anti-virtualization techniques.

Darktrace picked up on several of the info-stealer’s activities. In particular, the device’s downloads of library files from the C2 server triggered an alert and a quick response by Darktrace’s 24/7 SOC team.

To learn more about Raccoon Stealer v1, click here.

To learn more about Raccoon Stealer v2, click here.

Example: Laplas Clipper

Laplas Clipper is a MaaS (Malware-as-a-Service) offering: a variant of information-stealing malware that targets cryptocurrency transactions and is available for purchase by would-be cyber criminals. This malware has the capability to hijack a cryptocurrency transaction and redirect the funds to the attacker’s crypto wallet.

In late 2022, Darktrace observed several threat actors employing a novel attack method to target crypto-currency users across its customer base, specifically the latest version of the Laplas Clipper malware. Darktrace was able to uncover and mitigate Laplas Clipper activity and intervene to prevent the theft of large sums of digital currency.

To learn more about Laplas Clipper, click here.
